Xerox Docket No. D/A1636 
Application No. 10/066,699 



REMARKS 

Claims 1-5, 8-12, 14, 15 and 17-24 are pending in this application. By this 
Amendment, claims 1-5, 8-12, 14, 15 and 17-22 are amended. Claims 6, 7, 13 and 16 are 
canceled without prejudice to, or disclaimer of, the subject matter recited therein. New 
claims 23 and 24 are added. 

At the top of page 2, the disclosure is objected to. The objection to the disclosure 
appears to be premised on the conclusion that Applicants' specification includes admitted 
prior art. On page 2, the Office Action requests corrections to Figs. 1 and 2 based on this 
same premise. 

Applicants are unaware of a basis for the Office Action's assertion that the 
specification makes an admission regarding prior art. Rather, the specification refers Fig. 1 in 
a heading labeled Background of the Related Art. Paragraphs [0021] and [0022] also refer to 
the subject matter disclosed in Figs. 1 and 2 in a manner that is clearly contradictory to an 
admission that the subject matter disclosed in Figs. 1 and 2 constitutes prior art. 

For at least the foregoing reasons, it is respectfiiUy requested that no correction is 
necessary and that the objection to the specification and drawings on page 2 of the Office 
Action be withdrawn. 

On pages 3-9, the Office Action rejects claims 1-22 under 35 U.S.C. § 102(b) as being 
anticipated by "Key Agreement in Ad Hoc Networks" by Asokan et al. (hereinafter 
"Asokan"). On pages 9-14, the Office Action rejects claims 1-22 under 35 U.S.C. §102(e) as 
being anticipated by U.S. Patent Application PubUcation No. 2002/0065065 to Lunsford et al. 
(hereinafter "Lunsford"). On pages 14-17, the Office Action rejects claims 1-5, 7, 8, 15, 16, 
18-20 and 22 under 35 U.S.C. §102(e) as being anticipated by U.S. Patent No. 6,396,612 to 
Bjomdahl. These rejections are respectfiilly traversed. 

-10- 



Xerox Docket No. D/A1636 
Application No. 1 0/066,699 

Prior to the 2002 filing date of the application, the cryptographic literature described a 
large number of key exchange protocols, which allow two or more parties to authenticate each 
other and communicate securely assuming that the parties already share an established trust 
relationship, i.e., the parties must either share a password or secret key, or must each have a 
copy of the other's pubhc key which the parties know to be both authentic and the correct key 
for the party of interest. However, establishing these trust relationships was a time- 
consuming, manual process, involving hard effort often beyond the ability of end users. 
These trust relationships were typically established by using "out of band channels" to 
exchange authentication data, e.g., a user would exchange a password over the phone, or 
would manually exchange public keys, e.g., by transferring them to each other on floppy disks 
in a form that required significant cryptographic understanding by the users involved. 

These out of band channels were manual, and labor-intensive, so much so that they 
were used only by very security-conscious individuals or for very high-security applications. 
In the absence of this manual configuration, users were forced to rely on trusted third parties, 
such as certification authorities to establish tmst, but such systems incur their own range of 
usability problems. 

The work of Anderson and Stajano (cited in the appUcation) proposed an approach to 
automate this exchange of out-of-band authentication information, through the use of a 
trusted channel by which devices could exch^mge such authentication information without 
requiring manual effort (or cryptographic understanding) by the users involved. However, the 
work of Anderson and Stajano (as well as the other work in the prior art of record) assumed 
that the authentication information that would be exchanged was secret, i.e., a password or 
secret key, and that the trusted channel must therefore be impervious to eavesdroppers (or, in 
the technical term used in the application, resistant to "passive attacks"; in the case of 



Xerox Docket No. D/A1636 
Application No. 10/066,699 

Anderson and Stajano that channel was a physical connection between two devices). If 

someone was able to overhear the exchange of authentication information on the trusted 

channel, the resulting system was not secure. 

An advance provided by the claimed subject matter is to describe how to use 
cryptographic techniques to arrange that the information sent on the trusted channel is not 
secret - that even if an eavesdropper overhears that information, they cannot impersonate the 
parties involved or decrypt later communication between the parties. Importantly, this allows 
a much wider variety of media to be used as such a tmsted secondary channel, as it is no 
longer required that the channel to be impervious to eavesdroppers. Instead, such a channel 
must only be resistant to active attack^ i.e., if an attacker transmits data on that channel, it 
must be possible for legitimate participants to detect that fact and abort the protocol. This 
results in a significant improvement in both security and usability. 

Regarding Asokan, the Office Action focuses primarily on two issues. First, and most 
important, the Office Action questions whether Asokan describes on page 1628, col. 1, lines 
29-34, an application of infi^ared as a secondary channel equivalent to the infirared 
corresponding to the rejected claims. In fact, Asokan does not disclose, teach or suggest that 
subject matter. 

The text of Asokan describes the channel identified as "a physically secure channel 
limited to those present" ~ in other words, a channel that is impervious to eavesdropping by 
all but the legitimate participants (Asokan describes a protocol for group key agreement, and 
hence "those present" identifies the set of participants authorized to access the data 
exchanged). In fact, the protocol described in Asokan focuses entirely on the use of 
passwords as authenticators - data which indeed must be kept secret if it were to be 
transmitted automatically over a secondary channel. Additionally, Asokan emphasizes the 



-12- 



Xerox Docket No. D/A1636 
Application No. 10/066,699 

fact that infrared is only considered for use as a channel for exchanging secret information by 
focusing on the fact that it is limited to those present in the room. 

In contradistinction, infrared, though giving the impression of being limited to a line- 
of-sight connection between two devices, in fact bounces around and can be "read" by anyone 
whose access is not blocked by a wall or IR-impermeable window. The approach recited in 
the pending claims requires only that if someone transmits information on the infrared 
channel, that fact is detectable by the participants in the protocol. Thus, infrared can be used 
as a secure channel to set up a secure connection between only two of a group of people in a 
room, whereas infrared cannot in Asokan. The fundamental difference between the approach 
recited in the claims and the approach of Asokan is that in the claimed approach, participants 
use the secondary (e.g., infrared) channel to exchange public data cryptographically linked to 
secret data which they retain; observation of the public data (which, as noted by Asokan, is 
possible for anyone in the room) does not aid an attacker, because the attacker does not 
possess the corresponding secret data (e.g., the private key corresponding to a public key) 
which would allow the attacker to both authenticate themselves as the person transmitting 
over IR and secure further communication. 

The final approach presented by Asokan requires the participants in a group wishing 
to secure communication to manually enter a secret password visible to all participants (but 
no one else) into their computers, further supporting the conclusion that Asokan does not 
anticipate the use of public authenticators as recited in the pending claims. Furthermore, 
Asokan certainly did not anticipate the use of audio as an authentication channel as recited in 
the claims — to do so requires the use of public, rather than secret, authenticators, as an audio 
exchange is extremely vulnerable to passive attack (which secret-based authentication 
schemes such as Asokan*s are not secure against). 



-13- 



Xerox Docket No. D/A1636 
Application No. 10/066,699 

Next, in the comments on claims 2-7, the Office Action suggests that Asokan 

perforais a number of the steps described in the claims as part of their "Generic protocol for 

password authenticated key exchange" on page 1629. However, there are two phases to the 

data exchanges performed. First, authentication data is exchanged in an "out of band 

channel." In the application, this is a "location-limited channel," such as an infrared 

exchange. In Asokan, this is the blackboard on which participants write the shared secret 

password. 

Claims 2-7 identify aspects of the public authentication data sent over this location- 
limited chaimel, and describe various forms that the data can take to provide the novel 
properties described above. After the exchange of authentication data in the out-of-band 
channel (or in standard approaches, once such data has been manually configured), the parties 
involved authenticate to each other by demonstrating that they are indeed the entities whose 
authentication information has been so exchanged or configured. For instance, in Asokan, the 
parties demonstrate to each other that they all know the secret password. In the claims, the 
parties each demonstrate that they know the secret information corresponding to the public 
authentication information they exchanged over the location-limited channel. The parties 
make this demonstration typically using a key exchange protocol, which may also have the 
effect of allowing the parties to derive shared secret keys that the parties can use to protect 
future communication and Unk such communication back to the original authentication data. 

The key exchange or authentication protocol is not performed in the out-of-band 
channel, but is performed over some more standard network medium. These key exchange 
protocols are in common use, and are not claimed. 

Asokan's primary contribution is to describe a new instance of such a key exchange 
protocol, which is what is shown on page 1629. While this protocol does include the 



-14- 



Xerox Docket No. D/A1636 
Application No. 10/066,699 

exchanges of cryptographic digests, public keys, and other data items similar to the language 

used in the claims, such items are used as part of the authentication protocol where keys are 

exchanged over a standard network medium, not as part of the initial tmst establishment 

phase where authentication data is exchanged over an out of band channel (in the claims, a 

location-limited channel). Use of such items in this latter context is recited in the claims, not 

use in the former context where such items are used, not only by Asokan, but by large 

numbers of other protocols. 

Finally, regarding claims 10-17, the Office Action notes that Asokan describes the use 
of group key exchange protocols. Again, the application does not introduce new group key 
exchange protocols, and not only recognizes that many such protocols (such as Asokan's) 
exist in the art, but incorporates such protocols. Use of automated exchange of public 
authentication data, as recited in the claims, makes it easy for participants to authenticate each 
other and use such pre-existing protocols. 

For at least the foregoing reasons, it is respectfully submitted that Asokan does not 
disclose, teach or suggest the subject matter recited in the pending claims. 

Bjomdahl also does not anticipate the use of public authentication information 
exchanged over a channel such as infrared as recited in the claims. Li the abstract, Bjomdahl 
describes "establishing a wireless link between two devices for the exchange of sensitive 
information, such as encryption information." When Bjomdahl describes what is exchanged 
over the infrared link, it states, "an TR response signal, which preferably includes an 
encryption key," which is then used to encrypt data over a RF link. Further, Bjomdahl 
describes the use of the IR link to transfer other data which is too sensitive to be exchanged 
over the RF link, even while using encryption, and provides an example mode where 
conmiunicating parties switch back to IR to exchange sensitive information. This emphasis 



-15- 



Xerox Docket No. D/A1636 
Application No. 10/066,699 

on the use of IR as a secure channel for transmitting sensitive information which would be 

vulnerable to eavesdroppers if exchanged in the primary chaimel indicates that Bjomdahl 

considers the infrared charmel to be a secret one - impervious to eavesdroppers - over which 

the parties transmit secrets themselves, such as encryption keys. 

For at least the foregoing reasons, it is respectfully submitted that Bjomdahl does not 
disclose, teach or suggest the subject matter recited in the claims. 

Lunsford also fails to anticipate the claims because it also relies upon the IR link as a 
secret channel over which to exchange secret data. Moreover, Lunsford does not reduce its 
idea to practice. Lunsford describes the use of an IR beam to "mutually identify the first 
device and the second device out of a plurality of devices" (claim 11). Lunsford describes the 
IR link as "point-to-point, line-of-sight" (paragraph 46), contrasting it with an RF Unk that is 
"wide area, non-line-of-sight." This indicates that IR is considered in Lunsford to be a secure 
link between two devices over which confidential data can be exchanged, even if those 
devices are not isolated by walls fi-om other potentially eavesdropping devices (i.e., Lunsford 
does not appreciate the intrinsic vulnerabilities of the infrared medium, and are treating the 
infrared medium as secret even though it is not). This is evidenced by paragraph 58, for 
example, where Lunsford argues that two devices cannot form an IR link because the devices 
are not line-of-sight (even though one might easily eavesdrop on the IR communications of 
the other without being detected, a fact not noted by Lunsford). 

Lunsford does not describe the information sent over the IR link, saying only that the 
information is used to "select" the target device (not authenticate), and to "set up the 
parameters (e.g., encryption, coding, etc.) for implementing a secure transmission of data via 
an RF link" (paragraph 56). Typically in the art, "parameters" for any encryption or 
authentication algorithm may include the choice of algorithm to be used, cryptographic values 



-16- 



Xerox Docket No. D/A1636 
Application No. 10/066,699 

such as modular exponentiation groups or the lengths of keys, but "parameters" do not 

include encryption or authentication keys themselves. 

Limsford gives little indication about what the information devices exchange over IR 

to identify each other (term from paragraph 57). The only concrete example given is in 

paragraph 58, where Lunsford describes having the devices exchange BlueTooth identifiers 

(BTADDRS, in the terms of the BlueTooth Specification) over the infrared link. Once that is 

done, Lunsford suggests the sending and receiving devices can "bond themselves to each 

other," which would appear to mean that the devices would undergo standard BlueTooth 

pairing over the BlueTooth link. This pairing requires the entry of a PIN into both sides, 

which Lunsford does not appear to address (unless both devices are configured to use a fixed 

PIN that both know, which is common in existing implementations). In such a case, the use 

of the BlueTooth identifier as the selection data exchanged over IR, while adding 

convenience to the end user, neither provides any security whatsoever (such addresses can 

easily be forged and there is no cryptographic binding between the address sent over IR and 

the device with whom one actually communicates over the BlueTooth link). Later in 

paragraph 58, Lunsford provides the only general details of the approach, describing the 

information sent over IR: "This information can be mere BlueTooth device identifiers, or can 

be encryption codes, or other secure data transmission means." The term "encryption codes" 

is not used in general in the art, and could only be interpreted reasonably to mean "encryption 

algorithms" ~ which is not sufficient to authenticate a transmission. "Other secure data 

transmission means" is extremely general, and does not provide any useful information at all. 

For at least the foregoing refisons, it is respectfully submitted that Lunsford does not 

disclose, teach or suggest the subject matter recited in the pending claims. 



-17- 



Xerox Docket No. D/A1636 
Application No. 10/066,699 



Claim 6, 7, 13 and 16 are canceled without prejudice to, or disclaimer of, the subject 
matter therein, thus rendering their rejection moot. 

For at least the foregoing reasons, it is respectfully requested that the rejections of 
claims 1-22 on pages 3-17 of the Office Action be withdrawn. 

Claim 24 is patentable based at least on its dependence from claim 1 for the reasons 
stated above in connection with claim 1 . Claim 23 is patentable for similar reasons. 

In view of the foregoing, it is respectfully submitted that this application is in 
condition for allowance. Favorable reconsideration and prompt allowance of claims 1-5, 
8-12, 14, 15 and 17-24 are earnestly solicited. 

Should the Examiner believe that anything further would be desirable in order to place 
this application in even better condition for allowance, the Examiner is invited to contact the 
undersigned at the telephone number set forth below. 




Respectfully submitted. 



Registration No. 27,075 



Mark R. Woodall 
Registration No. 43,286 



JAO:MRW/mdw 



Date: December 19, 2005 



DEPOSIT ACCOUNT USE 



OLIFF & BERRIDGE, PLC 

P.O. Box 19928 
Alexandria, Virginia 22320 
Telephone: (703) 836-6400 



Charge any fee due to our 
Deposit Account No. 24-0037 



Please grant any extension 



AUTHORIZATION 



necessary for entry; 



-18- 



